July 27, 2023
It was quite the busy day for the SEC yesterday (and for my financial regulatory colleague Mercedes Tunstall, who was actively monitoring and analyzing), with two major developments: More formalized SEC guidance on cybersecurity incident disclosure and a proposed rule to “evaluate and determine” whether the use of certain technologies could create a conflict of interests with investors.
Keeping up with the SEC’s breakneck pace were several other U.S. and European regulatory bodies, with a week of much-anticipated guidance, which we cover this week along with several other important developments.
Additionally, as we go to press, the Federal Reserve Board and the FDIC have announced that they will meet today to consider issuing proposals to implement the Basel III endgame regulations (aka “Basel IV”). The Office of the Comptroller of the Currency is likely to act today as well. We have our reading glasses ready, and will be providing our analysis on the proposals in the next week.
For now, we hope you find this issue valuable. We’re happy to discuss anything on your mind. You can reach us here.
Daniel Meade
Partner and Editor, Cabinet News and Views
The Securities and Exchange Commission (“SEC”) has admonished companies to report material cybersecurity incidents in their public filings since 2011, but yesterday the SEC announced a new rule actually requiring disclosure of cybersecurity incidents and providing a standardized means and timeline for how and when companies should report such incidents.
Specifically, a new Item 1.05 of the 8-K will be required within four business days of when a registrant determines a cybersecurity incident has been material. Item 1.05 will require disclosure of “the material aspects of the incident’s nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant.” In addition, registrants and foreign private issuers will be required to “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previous cybersecurity incidents” on their annual filings (i.e., as applicable, on Form 10-K, Form 6-K and Form 20-F), which description must include how the company’s board of directors and management are involved in the assessment and management of material cybersecurity risks.
The timelines for compliance with this new rule are aggressive, with the Form 8-K and Form 10-K changes being applicable by December 15, 2023, leading Commissioner Hester M. Peirce to voice concern that, “[c]ompanies will have only months to align their internal disclosure processes with the new incident reporting requirements [and that] these disclosures may make companies vulnerable to attack” because they have little time to plan their disclosures and to take steps to mitigate adverse consequences.
Spurred by the prevalent use of predictive data analytics by broker-dealers and investment advisers to direct their recommendations to investors and to ensure that investor interests remain paramount, the Securities and Exchange Commission (“SEC”) announced yesterday that it has proposed a rule that purports to provide a means by which firms may “evaluate and determine whether its use of certain technologies in investor interactions involves a conflict of interest that results in the firm’s interests being placed ahead of investors’ interests.” Should such a conflict of interest be identified, then “firms would be required to eliminate, or neutralize the effect of, any such conflicts.”
The commentary to the proposed rule explains that the SEC’s use of the term “predictive data analytics” is intended to include artificial intelligence (“AI”) solutions as well as technology solutions that may not technically include AI, and all such technologies are defined under the proposed rule as a “covered technology.” Expanding on the kinds of technologies intended to be covered by the rule, Chair Gary Gensler admits that the predictive data analytics used by streaming platforms identify him as a “rom-com” enthusiast and analogizes that result to the use of such predictive data analytics in interactions with investors. He emphasized the need for proper controls to be placed on such technologies by explaining, “if the robo-adviser or the brokerage app is using a function… to optimize for its own interests” is it then communicating with investors because it will be good for their investment decisions, “or because it might benefit the firm’s revenues, profits, or other interests”?
Offering a pointed criticism on the “covered technology” definition, Commissioner Hester Peirce points out that the breadth of the definition is so broad that it could include “spreadsheets, commonly used software, math formulas, statistical tools, and AI trained on all manner of datasets,” subjecting even simple Excel documents potentially to compliance with the rule.
Other than the broad definition of technologies subject to the proposed rule, the rest of the proposed rule is technology-agnostic and instead focuses upon defining results from the use of covered technologies that may be problematic for investors because a conflict of interest is created. Further, the proposed rule requires that firms establish policies and procedures to ensure that each use of a covered technology does not cause a conflict of interest and to establish protocols for ameliorating conflicts should they be identified.
Comments on the proposed rule are due 60 days from when the proposed rule is published in the Federal Register.
The Federal Deposit Insurance Corporation (“FDIC”) issued a Financial Institution Letter (“FIL”) earlier this week regarding banks’ errors in reporting estimated uninsured deposits.
The FDIC stated in the FIL that “some institutions incorrectly reduced the amount reported to the extent that the uninsured deposits are collateralized by pledged assets; this is incorrect because in and of itself, the existence of collateral has no bearing on the portion of a deposit that is covered by federal deposit insurance. Additionally, some institutions incorrectly reduced the amount reported on Schedule RC-O by excluding intercompany deposit balances of subsidiaries.” The Wall Street Journal characterized the FIL as a “scold” to banks that had underreported uninsured balances.
Given the large amount of uninsured deposits that played a role in the failures of Silicon Valley Bank and Signature Bank in March, the FDIC appears to be paying particularly close attention to this information in banks’ call report submissions. The FIL and the underlying provisions of the Call Report apply to insured depository institutions with $1 billion or more in assets.
The Federal Reserve Bank announced last week that its instant payments system, FedNow, is now live with 35 banks and credit unions, which means that “[b]anks and credit unions of all sizes can sign up and use this tool to instantly transfer money for their customers, any time of the day, on any day of the year.”
As we reported back in March, the Fed’s offering of an instant payments service brings credibility and gravitas to the instant payments space, which suggests that FedNow will drive not only a greater volume of instant payments but also lead to increased average dollar amounts for such payments. The Fed’s announcement emphasizes the benefits instant payments provide, especially by giving rapid access to funds and allowing for “just-in-time” payments to assist with cash flow. Indeed, in the Fed’s vision, when fully implemented, the FedNow service can support a world where “individuals can instantly receive their paychecks and use them the same day, and small businesses can more efficiently manage cash flows without processing delays.”
On July 12, Senator Kirsten Gillibrand, a Democratic senator from New York who sits on the Senate Banking Committee, and Senator Cynthia Lummis, a Republican senator from Wyoming who sits on the Agriculture Committee, joined forces again to propose a comprehensive bill that seeks to organize and operationalize the Federal Government’s response to crypto activities in the United States. In a press release announcing the legislation, the two senators acknowledge working with many stakeholders (including Cadwalader) to obtain “substantial feedback” to improve their previous legislation (Summer 2022) and describe the 2023 bill as greatly expanded legislation that “adds strong new consumer protections and safeguards to further strengthen the industry against fraud and bad actors, while giving American innovators the chance to thrive.” The Lummis-Gillibrand bill runs 274 pages and addresses many crypto-related topics, including registration of cryptocurrency exchanges, improved anti-money laundering provisions, and updated directives regarding tax treatment of various crypto activities, and establishes a path for depository institutions to be able to issue payment stablecoins.
Most importantly, however, a key challenge of comprehensive crypto legislation to date has been to identify when the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) have jurisdiction over the crypto activity – mainly codifying the Howey test while recognizing that not all crypto activities may or should be subject to SEC and/or CFTC jurisdiction. The updated Lummis-Gillibrand bill is significantly improved in this respect, providing a clear definition for crypto assets that should be governed by each agency (and, in some cases, by both agencies), and exempting tokenized assets as well as payment stablecoins from that definition.
As in the previous version of the bill, the CFTC gets an expanded grant of exclusive jurisdiction over “fungible crypto asset” spot markets and the authority to register “crypto asset exchanges” and regulate “decentralized crypto asset exchanges.” “Crypto assets” are included within the definition of a “commodity”; however, some provisions in the amended Commodity Exchange Act would only apply to “commodities” that qualify as “crypto assets.” Futures commission merchants are included in the definition of “crypto asset intermediary” and are authorized to transact with “crypto assets” but must adhere to mandatory segregation, third-party custody arrangements and prevention of conflicts of interest with affiliates. A lot of revisions in this version of the bill address the matters that have caused the “crypto winter,” and are addressed in CFTC’s and SEC’s complaints and enforcement actions involving FTX, Alameda, Binance and others.
The bill also involves a broader swath of agencies, including the federal banking regulators, state bank regulators, the Office of Foreign Asset Control (“OFAC”), the Financial Crimes Enforcement Network (“FinCEN”) and the Federal Trade Commission (“FTC”), directing them variously to take actions addressing consumer protection concerns, which include everything from adopting a uniform money transmission law for the regulation of crypto market participants at the state level to educating consumers about the crypto market to creating advertising standards for the marketing of crypto products and services.
Finally, for purposes of this brief note regarding the bill, the SEC is provided with something that the section-by-section overview claims “resolves a long-standing issue with SEC custody requirements” such that when a crypto asset is being held in custody, the SEC’s requirement to maintain a satisfactory control location “may be fulfilled by protecting the [crypto] asset with commercially reasonable cybersecurity practices for a private key.”
Due to the comprehensive nature of the bill, this summary only hits a few highlights of the bill, but we will provide more in-depth analysis as the legislative process continues.
In a recently published white paper, JPMorgan outlined its approach to improving and strengthening voluntary carbon markets to promote scalable decarbonization efforts. JPMorgan focused its analysis on voluntary carbon markets, i.e., markets where “companies or individuals to purchase carbon credits to meet their own emissions goals” independent of markets “created and regulated by mandatory international, national or regional carbon management regimes,” (i.e., compliance markets). JPMorgan also cautioned that voluntary markets are “not a substitute for robust public policies designed to address climate change.”
Under JPMorgan’s analysis, carbon markets provide benefits to the global effort to reduce carbon emissions beyond those offered by regulatory programs for three major reasons. First, they allow companies in industries that face challenges in reducing their carbon emissions where, for instance, “the technologies necessary to address emissions may not yet be commercially available or else may still be prohibitively expensive,” to offset their greenhouse gas emissions by purchasing carbon credits, thereby “enabling greater deployment of climate solutions elsewhere in the economy.” Second, by incentivizing investment, carbon markets “facilitate more rapid deployment of proven solutions, which can drive down net emissions more quickly.” Third, investing in projects via carbon credits can promote other environmentally friendly actions, including reforestation efforts, or a slowing of deforestation, which increases biodiversity, reduces other forms of pollution, and promotes stronger environmental resilience.
Still, JPMorgan recognized that carbon markets and the use of carbon credits may not be adopted on a global scale and across all industries as quickly as necessary to maintain net-zero targets without other efforts. Accordingly, it advises that companies should still devise business strategies and invest in technologies that will directly reduce their carbon emissions. While these actions may impose significant short-term capital expenses, they will likely increase business efficiency and reduce long-term costs, according to the bank. JPMorgan also cautioned that voluntary markets are “not a substitute for robust public policies designed to address climate change.”
The voluntary carbon markets provide for trading two main forms of credits: (a) avoidance credits and (b) removal credits. Avoidance credits are created when a company takes an action that either fully prevents or reduces the amount of carbon it normally would have produced under business operations. For example, companies can generate these types of credits by transitioning to solar energy or by taking actions to reduce deforestation. Removal credits, on the other hand, are created when a company actively promotes removal of GHGs from the atmosphere. This can be accomplished through a variety of options, including nature-based solutions like reforestation, or through technological developments like investments in, or promoting the use of, carbon-capture technology. JPMorgan noted that while nature-based solutions like reforestation tend to be more readily accessible and cheaper, they only store carbon for short periods of time. Technology like carbon-capture provides long-term removal of GHGs from the atmosphere, but tends to be expensive and is not yet fully developed.
Avoidance credits and removal credits work in tandem to complement each other. In the near-term, avoidance credits reduce the amount of GHGs released and slow the accumulation of carbon in the atmosphere. In the long-term, deployment of more expensive carbon-capture technology has the potential to partially reverse historic GHG emissions and counteract the continued release of GHGs from industries where emissions-reduction is prohibitively expensive or technologically difficult. As JPMorgan observed, while the goal of net-zero emissions by 2050 will largely be accomplished through reducing carbon emissions, “the large-scale removal of GHGs from the atmosphere will be [also] be necessary[.]”
JPMorgan also identified eight major factors it utilizes when assessing the value and utility of carbon credits, given widely recognized issues associated with “variation in the availability and quality of information needed to assess credit quality, resulting in a lack of confidence for many market participants.” Under its framework, the GHG emission reductions underlying each carbon credit should be: (1) real and proven to have actually taken place; (2) measurable and quantifiable according to recognized methodological approaches; (3) in addition to what would have already been undertaken by the company; (4) unique and traceable to each initiative; (5) independently verified by a reputable GHG accreditation program; (6) not simply a displacement of carbon emissions from one sector of the economy to another; (7) durable and long-term; and (8) equitable by promoting and supporting marginalized communities.
JPMorgan highlighted additional challenges facing the development of effective and efficient voluntary carbon markets. These include, in addition to a lack of quality information about each carbon credit, a scarcity of high-quality carbon credits that would promote and support large-scale efforts at decarbonization; the existence of “multiple marketplaces, competing frameworks and principles”; and an inability to “support more sophisticated forms of trading, which limits its ability to meet the needs of different kinds of participants. Improved trading infrastructure and further development of advanced features such as forward market instruments and reference contracts are needed to support increased liquidity, transparency and risk management, which can contribute to greater scale and efficiency.”
JPMorgan’s report highlights the potential value to companies of integrating high-quality carbon credits into their overall sustainability plans, while also acknowledging the challenges in doing so. The integrity of carbon credits is an ongoing source of controversy and challenge. Last year, for instance, the Chair of the International Organization of Securities Commissions cited concerns around the “appropriate levels of integrity, transparency, and liquidity” of voluntary markets.
Conclusion
Of note, the integrity of credits traded on voluntary carbon markets is not outside of federal regulatory oversight. Earlier this year, the Chairman of the Commodity Futures Trading Commission (“CFTC”), Rostin Behnam, announced in a speech that the CFTC recognizes environmental products as “commodities” and therefore “can play a role in voluntary [carbon] markets, and that carbon markets must be transparent and have integrity and adhere to basic market regulatory requirements.” The CFTC Chair’s statement followed a letter to the CFTC sent in the fall of 2022 by a group of Democratic senators asking for improved regulation of the market for carbon offsets. It remains unclear how the CFTC would exercise this authority in practice and what the implications are for the developments of voluntary markets; however, the CFTC has identified as a top priority addressing financial risks posed by climate change as well as prosecuting fraud and manipulation in carbon and environmental markets. In June of 2023, the CFTC published guidance for whistleblowers to report fraud in spot and forward carbon markets, and then announced the creation of an environmental fraud enforcement task force. Further, on July 19, 2023, the CFTC held its second convening to discuss the development of voluntary carbon. Nonetheless, carbon markets are likely to remain active, and have been growing around the world, including in the UK, Brazil, Australia and Africa.
(This article originally appeared in Cadwalader Climate, a twice-weekly newsletter on the ESG market.)
The Consumer Financial Protection Bureau, the federal financial watchdog, is facing an existential challenge at the U.S. Supreme Court next term. The uncertainty surrounding the outcome of that case is impeding the agency’s enforcement efforts as lower courts wait for Supreme Court guidance.
The CFPB, established in 2010 in response to the Great Recession, has always courted controversy. In 2020, the Supreme Court took issue with the lack of direct presidential control over the CFPB’s director. But that ruling did not limit the agency’s powers or authorities, and the CFPB has continued to function with its full powers intact.
Next term, the Supreme Court will decide a far more significant question: Is the CFPB’s funding mechanism unconstitutional? The agency cannot function without funding.
The uncertainty surrounding the CFPB’s funding structure has impacted the CFPB’s ability to use litigation as an enforcement tool.
Read the full Bloomberg Law article here.
Consumers’ Research, a nonprofit organization claiming to challenge “companies that have chosen to put woke politics above consumer interests,” announced in June 2023 that it was launching a publicity campaign against a global U.S.-based financial institution. According to the organization, Bank of America is pursuing an “ideologically driven agenda” and advocating “ESG fanaticism.” In a statement supporting the campaign, which includes national television advertisements, billboards in major U.S. cities, including one in New York City’s Times Square, and a dummy “Bank of America” website, Will Hild, CEO of Consumers’ Research, accused Bank of America of using its access to capital to help force a progressive political agenda. According to Hild, Consumers’ Research identifies Bank of America and its CEO as among the most outspoken lenders on climate-related topics, as well as other issues that some lump under the umbrella of ESG, such as gun laws, LGBTQ+ rights, and abortion and reproductive health protections. Hild also took issue with other measures taken by the bank, including calculating greenhouse gas emissions for clients and its internal diversity, equality and inclusion training.
The campaign against Bank of America is the most recent in the group’s wider “Consumer First” initiative, which focuses on companies’ ESG policies. For instance, it has targeted BlackRock which, as we reported earlier this year, also received a letter from 19 Republican state attorneys general, critical of the company’s ESG position. BlackRock defended its ESG policies, stating, among other things, that climate risk and the economic opportunities from the energy transition are top concerns for many of its clients and that its participation in ESG initiatives is “entirely consistent with our fiduciary obligations.”
In a statement, Bank of America said that its focus on “responsible growth is how [it] deliver[s] industry-leading service to [its] 68 million American consumers, being a great place to work for our employees and supporting communities across the United States while delivering strong returns for [its] shareholders.” The financial institution added resources to its Sustainable Banking Solutions Group in 2022 to advise clients on ESG issues that affect their funding requirements, valuations and strategic decisions as they transition to net zero GHG emissions. According to its 2022 Annual Report, Bank of America’s Global Corporate & Investment Banking (GCIB) line of business became number one in the world in ESG debt issuance volumes.
Conclusion
The political divide in the U.S. over ESG issues shows no signs of abating. We’ve covered efforts by Republican-led state legislatures to impose various types of penalties on financial institutions deemed insufficiently supportive of the energy industry. On March 30, 2023, 21 Republican Attorneys General (AGs) wrote a letter addressed to over 50 U.S. asset managers citing “concerns about the ongoing agreements between asset managers to use Americans’ savings to push political goals during the upcoming proxy season.” The AGs state their intent to “enforce [their] states’ civil laws against unfair and deceptive acts and practices and state and federal civil laws prohibiting agreements to restrain competition.”
BlackRock in particular has been a focus of these efforts, with certain state officials withdrawing state funds it had been managing. While it is difficult to assess whether these efforts are having an impact, we have observed that last year BlackRock increased assets under management by $230 billion, while losing approximately $4 billion AUM as a result of state government reaction to ESG issues. On the other hand, some commentators have claimed that BlackRock’s support for ESG shareholder initiatives dropped over the past year or two and just days ago it appointed to its board of directors the CEO of Saudi Aramco, the world’s largest oil producer. In the insurance industry, in May 2023, 23 Republican state attorneys general wrote to members of the Net-Zero Insurance Alliance expressing “serious concerns” about whether the NZIA’s requirements comply with state and federal laws. And, several insurers have withdrawn from the industry group in light of these types of expressed concerns.
Financial institutions in the U.S. have to balance these anti-ESG challenges with calls for greater action to promote net-zero goals and to assure financial resiliency against climate-related risks. Regulators in Europe and elsewhere are requiring banks to undergo climate risk stress tests as one component of assessing climate risk, while investors have pressured banks in the U.S. and elsewhere to cease or curtail financing for fossil fuel projects.
(This article originally appeared in Cadwalader Climate, a twice-weekly newsletter on the ESG market.)
On 20 July 2023, the Council of the EU announced that it has reached political agreement with the European Parliament on the proposed Directive amending the Alternative Investment Fund Managers Directive (2011/61/EU) and the UCITS Directive (2009/65/EC) relating to delegation arrangements, liquidity risk management, supervisory reporting, provision of depositary and custody services, and loan origination by alternative investment funds (2021/0376 (COD)). (We previously wrote about this here.)
The measures that have now been agreed include requirements that are intended to:
- enhance the integration of asset management markets in the EU and modernise the framework for key regulatory aspects;
- enhance the availability of liquidity management tools, with new requirements for managers to provide for the activation of these instruments;
- establish an EU framework for funds originating loans, which include requirements aimed at alleviating risks to financial stability and to ensure an appropriate level of investor protection;
- enhance the rules for delegation by investment managers to third parties;
- enhance data sharing and co-operation between regulatory authorities;
- establish new measures to identify undue costs that could be charged to funds and passed on to their investors; and
- establish new rules to prevent potentially misleading names.
The political agreement is subject to the approval of the Council and Parliament before going through the formal adoption procedure. The agreed revised text of the legislative proposal has not yet been published, but we will be following up with more detail on the final text of the agreed measures in the near future.